44 lines
1.5 KiB
Plaintext
44 lines
1.5 KiB
Plaintext
[[saml-realm]]
|
|
=== SAML Authentication
|
|
{security} supports user authentication using SAML Single Sign On.
|
|
{security} provides this support using the Web Browser SSO profile of the SAML
|
|
2.0 protocol.
|
|
|
|
This protocol is specifically designed to support authentication via an
|
|
interactive web browser, so it does not operate as a standard authentication
|
|
realm. Instead, {security} provides features in {kib} and {es} that work
|
|
together to enable interactive SAML sessions.
|
|
|
|
This means that the SAML realm is not suitable for use by standard REST clients.
|
|
If you configure a SAML realm for use in {kib}, you should also configure
|
|
another realm, such as the <<native-realm, native realm>> in your authentication
|
|
chain.
|
|
|
|
In order to simplify the process of configuring SAML authentication within the
|
|
Elastic Stack, there is a step-by-step guide to
|
|
<<saml-guide, Configuring Elasticsearch and Kibana to use SAML Single-Sign-On>>.
|
|
|
|
The remainder of this document will describe {es} specific configuration options
|
|
for SAML realms.
|
|
|
|
|
|
[[saml-settings]]
|
|
==== SAML Realm Settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-settings[SAML Realm Settings].
|
|
|
|
|
|
===== SAML Realm Signing Settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-signing-settings[SAML Realm Signing Settings].
|
|
|
|
|
|
===== SAML Realm Encryption Settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-encryption-settings[SAML Realm Encryption Settings].
|
|
|
|
===== SAML Realm SSL Settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-ssl-settings[SAML Realm SSL Settings].
|
|
|